A movie that tells the true story about an American con man has not yet been released in America. No, not Abignale. This is a different spin artist.

Like Abignale this man starts out losing his parents. Instead of running away, however, he is adopted. The search for his real parents leads him to master the use of law enforcement databases. Things go downhill quickly as his life becomes a game of breaking identity and trust systems.

At one point after being arrested he managed to assume the role of his own judge and orders his own bond reduced. Another time in jail he signed up for art classes and then slowly acquired green ink to dye his clothes to look like medical staff, at which point he simply walks away without detection.

The plot is definitely good security material

I Love You Phillip Morris is a 2009 comedy-drama film based on the real life events of con artist, impostor, and multiple prison escapee Steven Jay Russell played by Jim Carrey. While incarcerated, Russell falls in love with his cell mate, Phillip Morris (Ewan McGregor). After Morris is released from prison, Russell escapes from prison four times in order to be reunited with Morris. The film was adapted from I Love You Phillip Morris: A True Story of Life, Love, and Prison Breaks by Steve McVicker.

Wikipedia says a release in America may happen this October. It has a great cast and good reviews from Europe and Taiwain. Watch it if you can.

The iPhone 4 signal issue is thoroughly dissected by fscked.co.uk

The tl;dr version of this is: the signal strength bars are almost meaningless and should not be relied on.

Incidentally, this also explains what’s going on when you have a strong signal, attempt to make a call, and can’t connect. The bars only indicate how well your phone can listen to the cell tower. They don’t tell you anything about how well the tower can receive your phone, but that’s a pretty important part of making a call. Similarly, the phone doesn’t know anything about what’s going on in the cell provider’s network past the tower; if you’re on a really busy cell it might not have any spare outgoing circuits to direct your call to, so even if the radio is working fine, you might still not be able to get through. If you’re on AT&T it’s probably all of the above at the same time of course.

In conclusion, version 4 of the iPhone continues to have serious data integrity and availability issues.

Taking my Objective Scientist Dude hat off now, I’d say that iPhone 4 is a fantastic device but a lousy phone.

Updated to add: I had no idea Apple would made this announcement today:

Upon investigation, we were stunned to find that the formula we use to calculate how many bars of signal strength to display is totally wrong.

[…]

Apple is promising a patch fix “within a few weeks”. Users may also choose to get a full refund within 30 days of purchase, the firm has said.

Taking virtual machines to the application level seems to be the goal of Qubes, which is yet another hypervisor based on Linux. Perhaps the name YAH was not appealing?

It uses the phrases “lightweight virtual machine”, “work virtual machine” and “Disposable VMs” as well as “AppVMs” in the documentation. It is an interesting concept, along the lines of sandboxes, applets, chroots, LPARs, LVMs, etc. and similar trusted computing architectures that have been around for ages. In the Qubes model each application is meant to run in a virtual machine space so attacks find harder to escape. You can run a financial VM and a gaming VM, for example, that would be isolated in the same way as running a financial computer and a gaming computer.

I have run a similar setup for years. Not sure what would make anyone want to switch to a Qube. AFAIK no one has every accused Joanna Rutkowska of understatement in her marketing.

With that being said, her Invisible Things Lab’s blog announced today Qubes Alpha 2 released!

The Alpha 2 is out!
New screenshots are here :)

Exclamation! Exclamation! Can you believe that this virtually hyped sandbox will be any different than the many open source ones already available such as Nizza and the Nova microhypervisor?

Opscode has announced their Commercial Platform is now available to the public

Opscode, Inc., a cloud infrastructure automation company, today announced the limited beta release of the Opscode Platform, the world’s first hosted configuration management service. The Opscode Platform makes the popular open-source configuration management tool Chef even more powerful and easy to use.

Chef is an open source project that allows administrators to write “recipes” and automate builds in a cloud environment. It can provision web servers all configured the same way, for example.

I was just watching an example of how efficient this can be when I noticed a typo in permissions that would create a weakness. This reminded me of the double-edged swords of administration. Although it’s fantastic to be able to deploy hundreds or thousands of servers with the click of a button, deploying hundred or thousands of insecure servers can create a real nightmare. Yet another example of how security in the cloud might look different to some.